@azure/msal-common 14.14.0 → 14.14.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +66 -66
- package/dist/account/AccountInfo.mjs +77 -77
- package/dist/account/AuthToken.d.ts +17 -17
- package/dist/account/AuthToken.mjs +58 -58
- package/dist/account/CcsCredential.d.ts +9 -9
- package/dist/account/CcsCredential.mjs +8 -8
- package/dist/account/ClientCredentials.d.ts +19 -19
- package/dist/account/ClientInfo.d.ts +18 -18
- package/dist/account/ClientInfo.mjs +37 -37
- package/dist/account/TokenClaims.d.ts +83 -83
- package/dist/account/TokenClaims.mjs +20 -20
- package/dist/authority/Authority.d.ts +254 -254
- package/dist/authority/Authority.mjs +836 -836
- package/dist/authority/AuthorityFactory.d.ts +18 -18
- package/dist/authority/AuthorityFactory.mjs +28 -28
- package/dist/authority/AuthorityMetadata.d.ts +43 -43
- package/dist/authority/AuthorityMetadata.mjs +137 -137
- package/dist/authority/AuthorityOptions.d.ts +27 -27
- package/dist/authority/AuthorityOptions.mjs +18 -18
- package/dist/authority/AuthorityType.d.ts +10 -10
- package/dist/authority/AuthorityType.mjs +13 -13
- package/dist/authority/AzureRegion.d.ts +1 -1
- package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
- package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
- package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
- package/dist/authority/ImdsOptions.d.ts +5 -5
- package/dist/authority/OIDCOptions.d.ts +8 -8
- package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
- package/dist/authority/OpenIdConfigResponse.mjs +10 -10
- package/dist/authority/ProtocolMode.d.ts +8 -8
- package/dist/authority/ProtocolMode.mjs +11 -11
- package/dist/authority/RegionDiscovery.d.ts +32 -32
- package/dist/authority/RegionDiscovery.mjs +106 -106
- package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
- package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
- package/dist/cache/CacheManager.d.ts +497 -497
- package/dist/cache/CacheManager.mjs +1249 -1249
- package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
- package/dist/cache/entities/AccountEntity.d.ts +106 -106
- package/dist/cache/entities/AccountEntity.mjs +240 -240
- package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
- package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
- package/dist/cache/entities/CacheRecord.d.ts +13 -13
- package/dist/cache/entities/CredentialEntity.d.ts +30 -30
- package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
- package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
- package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -6
- package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
- package/dist/cache/interface/ICacheManager.d.ts +166 -166
- package/dist/cache/interface/ICachePlugin.d.ts +5 -5
- package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
- package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
- package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
- package/dist/cache/utils/CacheHelpers.d.ts +94 -94
- package/dist/cache/utils/CacheHelpers.mjs +324 -324
- package/dist/cache/utils/CacheTypes.d.ts +69 -69
- package/dist/client/AuthorizationCodeClient.d.ts +74 -74
- package/dist/client/AuthorizationCodeClient.mjs +420 -420
- package/dist/client/BaseClient.d.ts +51 -51
- package/dist/client/BaseClient.mjs +100 -100
- package/dist/client/RefreshTokenClient.d.ts +35 -35
- package/dist/client/RefreshTokenClient.mjs +211 -211
- package/dist/client/SilentFlowClient.d.ts +27 -27
- package/dist/client/SilentFlowClient.mjs +133 -133
- package/dist/config/AppTokenProvider.d.ts +38 -38
- package/dist/config/ClientConfiguration.d.ts +150 -150
- package/dist/config/ClientConfiguration.mjs +95 -95
- package/dist/constants/AADServerParamKeys.d.ts +53 -53
- package/dist/constants/AADServerParamKeys.mjs +57 -57
- package/dist/crypto/ICrypto.d.ts +68 -68
- package/dist/crypto/ICrypto.mjs +36 -36
- package/dist/crypto/IGuidGenerator.d.ts +4 -4
- package/dist/crypto/JoseHeader.d.ts +22 -22
- package/dist/crypto/JoseHeader.mjs +37 -37
- package/dist/crypto/PopTokenGenerator.d.ts +59 -59
- package/dist/crypto/PopTokenGenerator.mjs +81 -81
- package/dist/crypto/SignedHttpRequest.d.ts +15 -15
- package/dist/error/AuthError.d.ts +44 -44
- package/dist/error/AuthError.mjs +46 -46
- package/dist/error/AuthErrorCodes.d.ts +5 -5
- package/dist/error/AuthErrorCodes.mjs +9 -9
- package/dist/error/CacheError.d.ts +20 -20
- package/dist/error/CacheError.mjs +24 -24
- package/dist/error/CacheErrorCodes.d.ts +2 -2
- package/dist/error/CacheErrorCodes.mjs +6 -6
- package/dist/error/ClientAuthError.d.ts +237 -237
- package/dist/error/ClientAuthError.mjs +249 -249
- package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
- package/dist/error/ClientAuthErrorCodes.mjs +48 -48
- package/dist/error/ClientConfigurationError.d.ts +128 -128
- package/dist/error/ClientConfigurationError.mjs +135 -135
- package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
- package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
- package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
- package/dist/error/InteractionRequiredAuthError.mjs +85 -85
- package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
- package/dist/error/JoseHeaderError.d.ts +15 -15
- package/dist/error/JoseHeaderError.mjs +22 -22
- package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
- package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
- package/dist/error/ServerError.d.ts +15 -15
- package/dist/error/ServerError.mjs +16 -16
- package/dist/index.cjs +8662 -8658
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +107 -107
- package/dist/index.mjs +1 -1
- package/dist/logger/Logger.d.ts +95 -95
- package/dist/logger/Logger.mjs +188 -188
- package/dist/network/INetworkModule.d.ts +29 -29
- package/dist/network/INetworkModule.mjs +12 -12
- package/dist/network/NetworkManager.d.ts +33 -33
- package/dist/network/NetworkManager.mjs +34 -34
- package/dist/network/RequestThumbprint.d.ts +18 -18
- package/dist/network/ThrottlingUtils.d.ts +42 -42
- package/dist/network/ThrottlingUtils.mjs +95 -95
- package/dist/packageMetadata.d.ts +2 -2
- package/dist/packageMetadata.mjs +4 -4
- package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
- package/dist/request/AuthenticationHeaderParser.mjs +55 -55
- package/dist/request/BaseAuthRequest.d.ts +47 -47
- package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
- package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
- package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
- package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
- package/dist/request/CommonEndSessionRequest.d.ts +21 -21
- package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
- package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
- package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
- package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
- package/dist/request/NativeRequest.d.ts +19 -19
- package/dist/request/NativeSignOutRequest.d.ts +5 -5
- package/dist/request/RequestParameterBuilder.d.ts +217 -217
- package/dist/request/RequestParameterBuilder.mjs +382 -382
- package/dist/request/RequestValidator.d.ts +27 -27
- package/dist/request/RequestValidator.mjs +64 -64
- package/dist/request/ScopeSet.d.ts +88 -88
- package/dist/request/ScopeSet.mjs +197 -197
- package/dist/request/StoreInCache.d.ts +8 -8
- package/dist/response/AuthenticationResult.d.ts +41 -41
- package/dist/response/AuthorizationCodePayload.d.ts +13 -13
- package/dist/response/DeviceCodeResponse.d.ts +25 -25
- package/dist/response/ExternalTokenResponse.d.ts +15 -15
- package/dist/response/IMDSBadResponse.d.ts +4 -4
- package/dist/response/ResponseHandler.d.ts +69 -69
- package/dist/response/ResponseHandler.mjs +374 -374
- package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
- package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
- package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
- package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
- package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
- package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
- package/dist/telemetry/performance/PerformanceEvent.d.ts +515 -505
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +484 -480
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
- package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
- package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -78
- package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -260
- package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
- package/dist/url/IUri.d.ts +12 -12
- package/dist/url/UrlString.d.ts +48 -48
- package/dist/url/UrlString.mjs +161 -161
- package/dist/utils/ClientAssertionUtils.d.ts +2 -2
- package/dist/utils/ClientAssertionUtils.mjs +16 -16
- package/dist/utils/Constants.d.ts +309 -309
- package/dist/utils/Constants.mjs +322 -322
- package/dist/utils/FunctionWrappers.d.ts +27 -27
- package/dist/utils/FunctionWrappers.mjs +94 -94
- package/dist/utils/MsalTypes.d.ts +6 -6
- package/dist/utils/ProtocolUtils.d.ts +42 -42
- package/dist/utils/ProtocolUtils.mjs +69 -69
- package/dist/utils/StringUtils.d.ts +40 -40
- package/dist/utils/StringUtils.mjs +95 -95
- package/dist/utils/TimeUtils.d.ts +25 -25
- package/dist/utils/TimeUtils.mjs +43 -43
- package/dist/utils/UrlUtils.d.ts +10 -10
- package/dist/utils/UrlUtils.mjs +44 -44
- package/package.json +1 -1
- package/src/packageMetadata.ts +1 -1
- package/src/telemetry/performance/PerformanceEvent.ts +12 -0
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.14.
|
|
1
|
+
/*! @azure/msal-common v14.14.1 2024-08-13 */
|
|
2
2
|
'use strict';
|
|
3
3
|
import { Separators, CacheAccountType } from '../../utils/Constants.mjs';
|
|
4
4
|
import { buildClientInfo } from '../../account/ClientInfo.mjs';
|
|
@@ -9,245 +9,245 @@ import { getTenantIdFromIdTokenClaims } from '../../account/TokenClaims.mjs';
|
|
|
9
9
|
import { ProtocolMode } from '../../authority/ProtocolMode.mjs';
|
|
10
10
|
import { invalidCacheEnvironment } from '../../error/ClientAuthErrorCodes.mjs';
|
|
11
11
|
|
|
12
|
-
/*
|
|
13
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
14
|
-
* Licensed under the MIT License.
|
|
15
|
-
*/
|
|
16
|
-
/**
|
|
17
|
-
* Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).
|
|
18
|
-
*
|
|
19
|
-
* Key : Value Schema
|
|
20
|
-
*
|
|
21
|
-
* Key: <home_account_id>-<environment>-<realm*>
|
|
22
|
-
*
|
|
23
|
-
* Value Schema:
|
|
24
|
-
* {
|
|
25
|
-
* homeAccountId: home account identifier for the auth scheme,
|
|
26
|
-
* environment: entity that issued the token, represented as a full host
|
|
27
|
-
* realm: Full tenant or organizational identifier that the account belongs to
|
|
28
|
-
* localAccountId: Original tenant-specific accountID, usually used for legacy cases
|
|
29
|
-
* username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt
|
|
30
|
-
* authorityType: Accounts authority type as a string
|
|
31
|
-
* name: Full name for the account, including given name and family name,
|
|
32
|
-
* lastModificationTime: last time this entity was modified in the cache
|
|
33
|
-
* lastModificationApp:
|
|
34
|
-
* nativeAccountId: Account identifier on the native device
|
|
35
|
-
* tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
|
|
36
|
-
* }
|
|
37
|
-
* @internal
|
|
38
|
-
*/
|
|
39
|
-
class AccountEntity {
|
|
40
|
-
/**
|
|
41
|
-
* Generate Account Id key component as per the schema: <home_account_id>-<environment>
|
|
42
|
-
*/
|
|
43
|
-
generateAccountId() {
|
|
44
|
-
const accountId = [this.homeAccountId, this.environment];
|
|
45
|
-
return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
46
|
-
}
|
|
47
|
-
/**
|
|
48
|
-
* Generate Account Cache Key as per the schema: <home_account_id>-<environment>-<realm*>
|
|
49
|
-
*/
|
|
50
|
-
generateAccountKey() {
|
|
51
|
-
return AccountEntity.generateAccountCacheKey({
|
|
52
|
-
homeAccountId: this.homeAccountId,
|
|
53
|
-
environment: this.environment,
|
|
54
|
-
tenantId: this.realm,
|
|
55
|
-
username: this.username,
|
|
56
|
-
localAccountId: this.localAccountId,
|
|
57
|
-
});
|
|
58
|
-
}
|
|
59
|
-
/**
|
|
60
|
-
* Returns the AccountInfo interface for this account.
|
|
61
|
-
*/
|
|
62
|
-
getAccountInfo() {
|
|
63
|
-
return {
|
|
64
|
-
homeAccountId: this.homeAccountId,
|
|
65
|
-
environment: this.environment,
|
|
66
|
-
tenantId: this.realm,
|
|
67
|
-
username: this.username,
|
|
68
|
-
localAccountId: this.localAccountId,
|
|
69
|
-
name: this.name,
|
|
70
|
-
nativeAccountId: this.nativeAccountId,
|
|
71
|
-
authorityType: this.authorityType,
|
|
72
|
-
// Deserialize tenant profiles array into a Map
|
|
73
|
-
tenantProfiles: new Map((this.tenantProfiles || []).map((tenantProfile) => {
|
|
74
|
-
return [tenantProfile.tenantId, tenantProfile];
|
|
75
|
-
})),
|
|
76
|
-
};
|
|
77
|
-
}
|
|
78
|
-
/**
|
|
79
|
-
* Returns true if the account entity is in single tenant format (outdated), false otherwise
|
|
80
|
-
*/
|
|
81
|
-
isSingleTenant() {
|
|
82
|
-
return !this.tenantProfiles;
|
|
83
|
-
}
|
|
84
|
-
/**
|
|
85
|
-
* Generates account key from interface
|
|
86
|
-
* @param accountInterface
|
|
87
|
-
*/
|
|
88
|
-
static generateAccountCacheKey(accountInterface) {
|
|
89
|
-
const homeTenantId = accountInterface.homeAccountId.split(".")[1];
|
|
90
|
-
const accountKey = [
|
|
91
|
-
accountInterface.homeAccountId,
|
|
92
|
-
accountInterface.environment || "",
|
|
93
|
-
homeTenantId || accountInterface.tenantId || "",
|
|
94
|
-
];
|
|
95
|
-
return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
96
|
-
}
|
|
97
|
-
/**
|
|
98
|
-
* Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
|
|
99
|
-
* @param accountDetails
|
|
100
|
-
*/
|
|
101
|
-
static createAccount(accountDetails, authority, base64Decode) {
|
|
102
|
-
const account = new AccountEntity();
|
|
103
|
-
if (authority.authorityType === AuthorityType.Adfs) {
|
|
104
|
-
account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE;
|
|
105
|
-
}
|
|
106
|
-
else if (authority.protocolMode === ProtocolMode.AAD) {
|
|
107
|
-
account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;
|
|
108
|
-
}
|
|
109
|
-
else {
|
|
110
|
-
account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE;
|
|
111
|
-
}
|
|
112
|
-
let clientInfo;
|
|
113
|
-
if (accountDetails.clientInfo && base64Decode) {
|
|
114
|
-
clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode);
|
|
115
|
-
}
|
|
116
|
-
account.clientInfo = accountDetails.clientInfo;
|
|
117
|
-
account.homeAccountId = accountDetails.homeAccountId;
|
|
118
|
-
account.nativeAccountId = accountDetails.nativeAccountId;
|
|
119
|
-
const env = accountDetails.environment ||
|
|
120
|
-
(authority && authority.getPreferredCache());
|
|
121
|
-
if (!env) {
|
|
122
|
-
throw createClientAuthError(invalidCacheEnvironment);
|
|
123
|
-
}
|
|
124
|
-
account.environment = env;
|
|
125
|
-
// non AAD scenarios can have empty realm
|
|
126
|
-
account.realm =
|
|
127
|
-
clientInfo?.utid ||
|
|
128
|
-
getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||
|
|
129
|
-
"";
|
|
130
|
-
// How do you account for MSA CID here?
|
|
131
|
-
account.localAccountId =
|
|
132
|
-
clientInfo?.uid ||
|
|
133
|
-
accountDetails.idTokenClaims?.oid ||
|
|
134
|
-
accountDetails.idTokenClaims?.sub ||
|
|
135
|
-
"";
|
|
136
|
-
/*
|
|
137
|
-
* In B2C scenarios the emails claim is used instead of preferred_username and it is an array.
|
|
138
|
-
* In most cases it will contain a single email. This field should not be relied upon if a custom
|
|
139
|
-
* policy is configured to return more than 1 email.
|
|
140
|
-
*/
|
|
141
|
-
const preferredUsername = accountDetails.idTokenClaims?.preferred_username ||
|
|
142
|
-
accountDetails.idTokenClaims?.upn;
|
|
143
|
-
const email = accountDetails.idTokenClaims?.emails
|
|
144
|
-
? accountDetails.idTokenClaims.emails[0]
|
|
145
|
-
: null;
|
|
146
|
-
account.username = preferredUsername || email || "";
|
|
147
|
-
account.name = accountDetails.idTokenClaims?.name || "";
|
|
148
|
-
account.cloudGraphHostName = accountDetails.cloudGraphHostName;
|
|
149
|
-
account.msGraphHost = accountDetails.msGraphHost;
|
|
150
|
-
if (accountDetails.tenantProfiles) {
|
|
151
|
-
account.tenantProfiles = accountDetails.tenantProfiles;
|
|
152
|
-
}
|
|
153
|
-
else {
|
|
154
|
-
const tenantProfile = buildTenantProfile(accountDetails.homeAccountId, account.localAccountId, account.realm, accountDetails.idTokenClaims);
|
|
155
|
-
account.tenantProfiles = [tenantProfile];
|
|
156
|
-
}
|
|
157
|
-
return account;
|
|
158
|
-
}
|
|
159
|
-
/**
|
|
160
|
-
* Creates an AccountEntity object from AccountInfo
|
|
161
|
-
* @param accountInfo
|
|
162
|
-
* @param cloudGraphHostName
|
|
163
|
-
* @param msGraphHost
|
|
164
|
-
* @returns
|
|
165
|
-
*/
|
|
166
|
-
static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) {
|
|
167
|
-
const account = new AccountEntity();
|
|
168
|
-
account.authorityType =
|
|
169
|
-
accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE;
|
|
170
|
-
account.homeAccountId = accountInfo.homeAccountId;
|
|
171
|
-
account.localAccountId = accountInfo.localAccountId;
|
|
172
|
-
account.nativeAccountId = accountInfo.nativeAccountId;
|
|
173
|
-
account.realm = accountInfo.tenantId;
|
|
174
|
-
account.environment = accountInfo.environment;
|
|
175
|
-
account.username = accountInfo.username;
|
|
176
|
-
account.name = accountInfo.name;
|
|
177
|
-
account.cloudGraphHostName = cloudGraphHostName;
|
|
178
|
-
account.msGraphHost = msGraphHost;
|
|
179
|
-
// Serialize tenant profiles map into an array
|
|
180
|
-
account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
|
|
181
|
-
return account;
|
|
182
|
-
}
|
|
183
|
-
/**
|
|
184
|
-
* Generate HomeAccountId from server response
|
|
185
|
-
* @param serverClientInfo
|
|
186
|
-
* @param authType
|
|
187
|
-
*/
|
|
188
|
-
static generateHomeAccountId(serverClientInfo, authType, logger, cryptoObj, idTokenClaims) {
|
|
189
|
-
// since ADFS/DSTS do not have tid and does not set client_info
|
|
190
|
-
if (!(authType === AuthorityType.Adfs ||
|
|
191
|
-
authType === AuthorityType.Dsts)) {
|
|
192
|
-
// for cases where there is clientInfo
|
|
193
|
-
if (serverClientInfo) {
|
|
194
|
-
try {
|
|
195
|
-
const clientInfo = buildClientInfo(serverClientInfo, cryptoObj.base64Decode);
|
|
196
|
-
if (clientInfo.uid && clientInfo.utid) {
|
|
197
|
-
return `${clientInfo.uid}.${clientInfo.utid}`;
|
|
198
|
-
}
|
|
199
|
-
}
|
|
200
|
-
catch (e) { }
|
|
201
|
-
}
|
|
202
|
-
logger.warning("No client info in response");
|
|
203
|
-
}
|
|
204
|
-
// default to "sub" claim
|
|
205
|
-
return idTokenClaims?.sub || "";
|
|
206
|
-
}
|
|
207
|
-
/**
|
|
208
|
-
* Validates an entity: checks for all expected params
|
|
209
|
-
* @param entity
|
|
210
|
-
*/
|
|
211
|
-
static isAccountEntity(entity) {
|
|
212
|
-
if (!entity) {
|
|
213
|
-
return false;
|
|
214
|
-
}
|
|
215
|
-
return (entity.hasOwnProperty("homeAccountId") &&
|
|
216
|
-
entity.hasOwnProperty("environment") &&
|
|
217
|
-
entity.hasOwnProperty("realm") &&
|
|
218
|
-
entity.hasOwnProperty("localAccountId") &&
|
|
219
|
-
entity.hasOwnProperty("username") &&
|
|
220
|
-
entity.hasOwnProperty("authorityType"));
|
|
221
|
-
}
|
|
222
|
-
/**
|
|
223
|
-
* Helper function to determine whether 2 accountInfo objects represent the same account
|
|
224
|
-
* @param accountA
|
|
225
|
-
* @param accountB
|
|
226
|
-
* @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
|
|
227
|
-
*/
|
|
228
|
-
static accountInfoIsEqual(accountA, accountB, compareClaims) {
|
|
229
|
-
if (!accountA || !accountB) {
|
|
230
|
-
return false;
|
|
231
|
-
}
|
|
232
|
-
let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false
|
|
233
|
-
if (compareClaims) {
|
|
234
|
-
const accountAClaims = (accountA.idTokenClaims ||
|
|
235
|
-
{});
|
|
236
|
-
const accountBClaims = (accountB.idTokenClaims ||
|
|
237
|
-
{});
|
|
238
|
-
// issued at timestamp and nonce are expected to change each time a new id token is acquired
|
|
239
|
-
claimsMatch =
|
|
240
|
-
accountAClaims.iat === accountBClaims.iat &&
|
|
241
|
-
accountAClaims.nonce === accountBClaims.nonce;
|
|
242
|
-
}
|
|
243
|
-
return (accountA.homeAccountId === accountB.homeAccountId &&
|
|
244
|
-
accountA.localAccountId === accountB.localAccountId &&
|
|
245
|
-
accountA.username === accountB.username &&
|
|
246
|
-
accountA.tenantId === accountB.tenantId &&
|
|
247
|
-
accountA.environment === accountB.environment &&
|
|
248
|
-
accountA.nativeAccountId === accountB.nativeAccountId &&
|
|
249
|
-
claimsMatch);
|
|
250
|
-
}
|
|
12
|
+
/*
|
|
13
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
14
|
+
* Licensed under the MIT License.
|
|
15
|
+
*/
|
|
16
|
+
/**
|
|
17
|
+
* Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).
|
|
18
|
+
*
|
|
19
|
+
* Key : Value Schema
|
|
20
|
+
*
|
|
21
|
+
* Key: <home_account_id>-<environment>-<realm*>
|
|
22
|
+
*
|
|
23
|
+
* Value Schema:
|
|
24
|
+
* {
|
|
25
|
+
* homeAccountId: home account identifier for the auth scheme,
|
|
26
|
+
* environment: entity that issued the token, represented as a full host
|
|
27
|
+
* realm: Full tenant or organizational identifier that the account belongs to
|
|
28
|
+
* localAccountId: Original tenant-specific accountID, usually used for legacy cases
|
|
29
|
+
* username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt
|
|
30
|
+
* authorityType: Accounts authority type as a string
|
|
31
|
+
* name: Full name for the account, including given name and family name,
|
|
32
|
+
* lastModificationTime: last time this entity was modified in the cache
|
|
33
|
+
* lastModificationApp:
|
|
34
|
+
* nativeAccountId: Account identifier on the native device
|
|
35
|
+
* tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
|
|
36
|
+
* }
|
|
37
|
+
* @internal
|
|
38
|
+
*/
|
|
39
|
+
class AccountEntity {
|
|
40
|
+
/**
|
|
41
|
+
* Generate Account Id key component as per the schema: <home_account_id>-<environment>
|
|
42
|
+
*/
|
|
43
|
+
generateAccountId() {
|
|
44
|
+
const accountId = [this.homeAccountId, this.environment];
|
|
45
|
+
return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Generate Account Cache Key as per the schema: <home_account_id>-<environment>-<realm*>
|
|
49
|
+
*/
|
|
50
|
+
generateAccountKey() {
|
|
51
|
+
return AccountEntity.generateAccountCacheKey({
|
|
52
|
+
homeAccountId: this.homeAccountId,
|
|
53
|
+
environment: this.environment,
|
|
54
|
+
tenantId: this.realm,
|
|
55
|
+
username: this.username,
|
|
56
|
+
localAccountId: this.localAccountId,
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Returns the AccountInfo interface for this account.
|
|
61
|
+
*/
|
|
62
|
+
getAccountInfo() {
|
|
63
|
+
return {
|
|
64
|
+
homeAccountId: this.homeAccountId,
|
|
65
|
+
environment: this.environment,
|
|
66
|
+
tenantId: this.realm,
|
|
67
|
+
username: this.username,
|
|
68
|
+
localAccountId: this.localAccountId,
|
|
69
|
+
name: this.name,
|
|
70
|
+
nativeAccountId: this.nativeAccountId,
|
|
71
|
+
authorityType: this.authorityType,
|
|
72
|
+
// Deserialize tenant profiles array into a Map
|
|
73
|
+
tenantProfiles: new Map((this.tenantProfiles || []).map((tenantProfile) => {
|
|
74
|
+
return [tenantProfile.tenantId, tenantProfile];
|
|
75
|
+
})),
|
|
76
|
+
};
|
|
77
|
+
}
|
|
78
|
+
/**
|
|
79
|
+
* Returns true if the account entity is in single tenant format (outdated), false otherwise
|
|
80
|
+
*/
|
|
81
|
+
isSingleTenant() {
|
|
82
|
+
return !this.tenantProfiles;
|
|
83
|
+
}
|
|
84
|
+
/**
|
|
85
|
+
* Generates account key from interface
|
|
86
|
+
* @param accountInterface
|
|
87
|
+
*/
|
|
88
|
+
static generateAccountCacheKey(accountInterface) {
|
|
89
|
+
const homeTenantId = accountInterface.homeAccountId.split(".")[1];
|
|
90
|
+
const accountKey = [
|
|
91
|
+
accountInterface.homeAccountId,
|
|
92
|
+
accountInterface.environment || "",
|
|
93
|
+
homeTenantId || accountInterface.tenantId || "",
|
|
94
|
+
];
|
|
95
|
+
return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
96
|
+
}
|
|
97
|
+
/**
|
|
98
|
+
* Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
|
|
99
|
+
* @param accountDetails
|
|
100
|
+
*/
|
|
101
|
+
static createAccount(accountDetails, authority, base64Decode) {
|
|
102
|
+
const account = new AccountEntity();
|
|
103
|
+
if (authority.authorityType === AuthorityType.Adfs) {
|
|
104
|
+
account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE;
|
|
105
|
+
}
|
|
106
|
+
else if (authority.protocolMode === ProtocolMode.AAD) {
|
|
107
|
+
account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;
|
|
108
|
+
}
|
|
109
|
+
else {
|
|
110
|
+
account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE;
|
|
111
|
+
}
|
|
112
|
+
let clientInfo;
|
|
113
|
+
if (accountDetails.clientInfo && base64Decode) {
|
|
114
|
+
clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode);
|
|
115
|
+
}
|
|
116
|
+
account.clientInfo = accountDetails.clientInfo;
|
|
117
|
+
account.homeAccountId = accountDetails.homeAccountId;
|
|
118
|
+
account.nativeAccountId = accountDetails.nativeAccountId;
|
|
119
|
+
const env = accountDetails.environment ||
|
|
120
|
+
(authority && authority.getPreferredCache());
|
|
121
|
+
if (!env) {
|
|
122
|
+
throw createClientAuthError(invalidCacheEnvironment);
|
|
123
|
+
}
|
|
124
|
+
account.environment = env;
|
|
125
|
+
// non AAD scenarios can have empty realm
|
|
126
|
+
account.realm =
|
|
127
|
+
clientInfo?.utid ||
|
|
128
|
+
getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||
|
|
129
|
+
"";
|
|
130
|
+
// How do you account for MSA CID here?
|
|
131
|
+
account.localAccountId =
|
|
132
|
+
clientInfo?.uid ||
|
|
133
|
+
accountDetails.idTokenClaims?.oid ||
|
|
134
|
+
accountDetails.idTokenClaims?.sub ||
|
|
135
|
+
"";
|
|
136
|
+
/*
|
|
137
|
+
* In B2C scenarios the emails claim is used instead of preferred_username and it is an array.
|
|
138
|
+
* In most cases it will contain a single email. This field should not be relied upon if a custom
|
|
139
|
+
* policy is configured to return more than 1 email.
|
|
140
|
+
*/
|
|
141
|
+
const preferredUsername = accountDetails.idTokenClaims?.preferred_username ||
|
|
142
|
+
accountDetails.idTokenClaims?.upn;
|
|
143
|
+
const email = accountDetails.idTokenClaims?.emails
|
|
144
|
+
? accountDetails.idTokenClaims.emails[0]
|
|
145
|
+
: null;
|
|
146
|
+
account.username = preferredUsername || email || "";
|
|
147
|
+
account.name = accountDetails.idTokenClaims?.name || "";
|
|
148
|
+
account.cloudGraphHostName = accountDetails.cloudGraphHostName;
|
|
149
|
+
account.msGraphHost = accountDetails.msGraphHost;
|
|
150
|
+
if (accountDetails.tenantProfiles) {
|
|
151
|
+
account.tenantProfiles = accountDetails.tenantProfiles;
|
|
152
|
+
}
|
|
153
|
+
else {
|
|
154
|
+
const tenantProfile = buildTenantProfile(accountDetails.homeAccountId, account.localAccountId, account.realm, accountDetails.idTokenClaims);
|
|
155
|
+
account.tenantProfiles = [tenantProfile];
|
|
156
|
+
}
|
|
157
|
+
return account;
|
|
158
|
+
}
|
|
159
|
+
/**
|
|
160
|
+
* Creates an AccountEntity object from AccountInfo
|
|
161
|
+
* @param accountInfo
|
|
162
|
+
* @param cloudGraphHostName
|
|
163
|
+
* @param msGraphHost
|
|
164
|
+
* @returns
|
|
165
|
+
*/
|
|
166
|
+
static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) {
|
|
167
|
+
const account = new AccountEntity();
|
|
168
|
+
account.authorityType =
|
|
169
|
+
accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE;
|
|
170
|
+
account.homeAccountId = accountInfo.homeAccountId;
|
|
171
|
+
account.localAccountId = accountInfo.localAccountId;
|
|
172
|
+
account.nativeAccountId = accountInfo.nativeAccountId;
|
|
173
|
+
account.realm = accountInfo.tenantId;
|
|
174
|
+
account.environment = accountInfo.environment;
|
|
175
|
+
account.username = accountInfo.username;
|
|
176
|
+
account.name = accountInfo.name;
|
|
177
|
+
account.cloudGraphHostName = cloudGraphHostName;
|
|
178
|
+
account.msGraphHost = msGraphHost;
|
|
179
|
+
// Serialize tenant profiles map into an array
|
|
180
|
+
account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
|
|
181
|
+
return account;
|
|
182
|
+
}
|
|
183
|
+
/**
|
|
184
|
+
* Generate HomeAccountId from server response
|
|
185
|
+
* @param serverClientInfo
|
|
186
|
+
* @param authType
|
|
187
|
+
*/
|
|
188
|
+
static generateHomeAccountId(serverClientInfo, authType, logger, cryptoObj, idTokenClaims) {
|
|
189
|
+
// since ADFS/DSTS do not have tid and does not set client_info
|
|
190
|
+
if (!(authType === AuthorityType.Adfs ||
|
|
191
|
+
authType === AuthorityType.Dsts)) {
|
|
192
|
+
// for cases where there is clientInfo
|
|
193
|
+
if (serverClientInfo) {
|
|
194
|
+
try {
|
|
195
|
+
const clientInfo = buildClientInfo(serverClientInfo, cryptoObj.base64Decode);
|
|
196
|
+
if (clientInfo.uid && clientInfo.utid) {
|
|
197
|
+
return `${clientInfo.uid}.${clientInfo.utid}`;
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
catch (e) { }
|
|
201
|
+
}
|
|
202
|
+
logger.warning("No client info in response");
|
|
203
|
+
}
|
|
204
|
+
// default to "sub" claim
|
|
205
|
+
return idTokenClaims?.sub || "";
|
|
206
|
+
}
|
|
207
|
+
/**
|
|
208
|
+
* Validates an entity: checks for all expected params
|
|
209
|
+
* @param entity
|
|
210
|
+
*/
|
|
211
|
+
static isAccountEntity(entity) {
|
|
212
|
+
if (!entity) {
|
|
213
|
+
return false;
|
|
214
|
+
}
|
|
215
|
+
return (entity.hasOwnProperty("homeAccountId") &&
|
|
216
|
+
entity.hasOwnProperty("environment") &&
|
|
217
|
+
entity.hasOwnProperty("realm") &&
|
|
218
|
+
entity.hasOwnProperty("localAccountId") &&
|
|
219
|
+
entity.hasOwnProperty("username") &&
|
|
220
|
+
entity.hasOwnProperty("authorityType"));
|
|
221
|
+
}
|
|
222
|
+
/**
|
|
223
|
+
* Helper function to determine whether 2 accountInfo objects represent the same account
|
|
224
|
+
* @param accountA
|
|
225
|
+
* @param accountB
|
|
226
|
+
* @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
|
|
227
|
+
*/
|
|
228
|
+
static accountInfoIsEqual(accountA, accountB, compareClaims) {
|
|
229
|
+
if (!accountA || !accountB) {
|
|
230
|
+
return false;
|
|
231
|
+
}
|
|
232
|
+
let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false
|
|
233
|
+
if (compareClaims) {
|
|
234
|
+
const accountAClaims = (accountA.idTokenClaims ||
|
|
235
|
+
{});
|
|
236
|
+
const accountBClaims = (accountB.idTokenClaims ||
|
|
237
|
+
{});
|
|
238
|
+
// issued at timestamp and nonce are expected to change each time a new id token is acquired
|
|
239
|
+
claimsMatch =
|
|
240
|
+
accountAClaims.iat === accountBClaims.iat &&
|
|
241
|
+
accountAClaims.nonce === accountBClaims.nonce;
|
|
242
|
+
}
|
|
243
|
+
return (accountA.homeAccountId === accountB.homeAccountId &&
|
|
244
|
+
accountA.localAccountId === accountB.localAccountId &&
|
|
245
|
+
accountA.username === accountB.username &&
|
|
246
|
+
accountA.tenantId === accountB.tenantId &&
|
|
247
|
+
accountA.environment === accountB.environment &&
|
|
248
|
+
accountA.nativeAccountId === accountB.nativeAccountId &&
|
|
249
|
+
claimsMatch);
|
|
250
|
+
}
|
|
251
251
|
}
|
|
252
252
|
|
|
253
253
|
export { AccountEntity };
|
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* App Metadata Cache Type
|
|
3
|
-
*/
|
|
4
|
-
export type AppMetadataEntity = {
|
|
5
|
-
/** clientId of the application */
|
|
6
|
-
clientId: string;
|
|
7
|
-
/** entity that issued the token, represented as a full host */
|
|
8
|
-
environment: string;
|
|
9
|
-
/** Family identifier, '1' represents Microsoft Family */
|
|
10
|
-
familyId?: string;
|
|
11
|
-
};
|
|
1
|
+
/**
|
|
2
|
+
* App Metadata Cache Type
|
|
3
|
+
*/
|
|
4
|
+
export type AppMetadataEntity = {
|
|
5
|
+
/** clientId of the application */
|
|
6
|
+
clientId: string;
|
|
7
|
+
/** entity that issued the token, represented as a full host */
|
|
8
|
+
environment: string;
|
|
9
|
+
/** Family identifier, '1' represents Microsoft Family */
|
|
10
|
+
familyId?: string;
|
|
11
|
+
};
|
|
12
12
|
//# sourceMappingURL=AppMetadataEntity.d.ts.map
|
|
@@ -1,16 +1,16 @@
|
|
|
1
|
-
/** @internal */
|
|
2
|
-
export type AuthorityMetadataEntity = {
|
|
3
|
-
aliases: Array<string>;
|
|
4
|
-
preferred_cache: string;
|
|
5
|
-
preferred_network: string;
|
|
6
|
-
canonical_authority: string;
|
|
7
|
-
authorization_endpoint: string;
|
|
8
|
-
token_endpoint: string;
|
|
9
|
-
end_session_endpoint?: string;
|
|
10
|
-
issuer: string;
|
|
11
|
-
aliasesFromNetwork: boolean;
|
|
12
|
-
endpointsFromNetwork: boolean;
|
|
13
|
-
expiresAt: number;
|
|
14
|
-
jwks_uri: string;
|
|
15
|
-
};
|
|
1
|
+
/** @internal */
|
|
2
|
+
export type AuthorityMetadataEntity = {
|
|
3
|
+
aliases: Array<string>;
|
|
4
|
+
preferred_cache: string;
|
|
5
|
+
preferred_network: string;
|
|
6
|
+
canonical_authority: string;
|
|
7
|
+
authorization_endpoint: string;
|
|
8
|
+
token_endpoint: string;
|
|
9
|
+
end_session_endpoint?: string;
|
|
10
|
+
issuer: string;
|
|
11
|
+
aliasesFromNetwork: boolean;
|
|
12
|
+
endpointsFromNetwork: boolean;
|
|
13
|
+
expiresAt: number;
|
|
14
|
+
jwks_uri: string;
|
|
15
|
+
};
|
|
16
16
|
//# sourceMappingURL=AuthorityMetadataEntity.d.ts.map
|
|
@@ -1,14 +1,14 @@
|
|
|
1
|
-
import { IdTokenEntity } from "./IdTokenEntity";
|
|
2
|
-
import { AccessTokenEntity } from "./AccessTokenEntity";
|
|
3
|
-
import { RefreshTokenEntity } from "./RefreshTokenEntity";
|
|
4
|
-
import { AccountEntity } from "./AccountEntity";
|
|
5
|
-
import { AppMetadataEntity } from "./AppMetadataEntity";
|
|
6
|
-
/** @internal */
|
|
7
|
-
export type CacheRecord = {
|
|
8
|
-
account?: AccountEntity | null;
|
|
9
|
-
idToken?: IdTokenEntity | null;
|
|
10
|
-
accessToken?: AccessTokenEntity | null;
|
|
11
|
-
refreshToken?: RefreshTokenEntity | null;
|
|
12
|
-
appMetadata?: AppMetadataEntity | null;
|
|
13
|
-
};
|
|
1
|
+
import { IdTokenEntity } from "./IdTokenEntity";
|
|
2
|
+
import { AccessTokenEntity } from "./AccessTokenEntity";
|
|
3
|
+
import { RefreshTokenEntity } from "./RefreshTokenEntity";
|
|
4
|
+
import { AccountEntity } from "./AccountEntity";
|
|
5
|
+
import { AppMetadataEntity } from "./AppMetadataEntity";
|
|
6
|
+
/** @internal */
|
|
7
|
+
export type CacheRecord = {
|
|
8
|
+
account?: AccountEntity | null;
|
|
9
|
+
idToken?: IdTokenEntity | null;
|
|
10
|
+
accessToken?: AccessTokenEntity | null;
|
|
11
|
+
refreshToken?: RefreshTokenEntity | null;
|
|
12
|
+
appMetadata?: AppMetadataEntity | null;
|
|
13
|
+
};
|
|
14
14
|
//# sourceMappingURL=CacheRecord.d.ts.map
|
|
@@ -1,31 +1,31 @@
|
|
|
1
|
-
import { CredentialType, AuthenticationScheme } from "../../utils/Constants";
|
|
2
|
-
/**
|
|
3
|
-
* Credential Cache Type
|
|
4
|
-
*/
|
|
5
|
-
export type CredentialEntity = {
|
|
6
|
-
/** Identifier for the user in their home tenant*/
|
|
7
|
-
homeAccountId: string;
|
|
8
|
-
/** Entity that issued the token, represented as a full host */
|
|
9
|
-
environment: string;
|
|
10
|
-
/** Type of credential */
|
|
11
|
-
credentialType: CredentialType;
|
|
12
|
-
/** Client ID of the application */
|
|
13
|
-
clientId: string;
|
|
14
|
-
/** Actual credential as a string */
|
|
15
|
-
secret: string;
|
|
16
|
-
/** Family ID identifier, usually only used for refresh tokens */
|
|
17
|
-
familyId?: string;
|
|
18
|
-
/** Full tenant or organizational identifier that the account belongs to */
|
|
19
|
-
realm?: string;
|
|
20
|
-
/** Permissions that are included in the token, or for refresh tokens, the resource identifier. */
|
|
21
|
-
target?: string;
|
|
22
|
-
/** Matches the SHA 256 hash of the obo_assertion for the OBO flow */
|
|
23
|
-
userAssertionHash?: string;
|
|
24
|
-
/** Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) */
|
|
25
|
-
tokenType?: AuthenticationScheme;
|
|
26
|
-
/** KeyId for PoP and SSH tokens stored in the kid claim */
|
|
27
|
-
keyId?: string;
|
|
28
|
-
/** Matches the SHA 256 hash of the claims object included in the token request */
|
|
29
|
-
requestedClaimsHash?: string;
|
|
30
|
-
};
|
|
1
|
+
import { CredentialType, AuthenticationScheme } from "../../utils/Constants";
|
|
2
|
+
/**
|
|
3
|
+
* Credential Cache Type
|
|
4
|
+
*/
|
|
5
|
+
export type CredentialEntity = {
|
|
6
|
+
/** Identifier for the user in their home tenant*/
|
|
7
|
+
homeAccountId: string;
|
|
8
|
+
/** Entity that issued the token, represented as a full host */
|
|
9
|
+
environment: string;
|
|
10
|
+
/** Type of credential */
|
|
11
|
+
credentialType: CredentialType;
|
|
12
|
+
/** Client ID of the application */
|
|
13
|
+
clientId: string;
|
|
14
|
+
/** Actual credential as a string */
|
|
15
|
+
secret: string;
|
|
16
|
+
/** Family ID identifier, usually only used for refresh tokens */
|
|
17
|
+
familyId?: string;
|
|
18
|
+
/** Full tenant or organizational identifier that the account belongs to */
|
|
19
|
+
realm?: string;
|
|
20
|
+
/** Permissions that are included in the token, or for refresh tokens, the resource identifier. */
|
|
21
|
+
target?: string;
|
|
22
|
+
/** Matches the SHA 256 hash of the obo_assertion for the OBO flow */
|
|
23
|
+
userAssertionHash?: string;
|
|
24
|
+
/** Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) */
|
|
25
|
+
tokenType?: AuthenticationScheme;
|
|
26
|
+
/** KeyId for PoP and SSH tokens stored in the kid claim */
|
|
27
|
+
keyId?: string;
|
|
28
|
+
/** Matches the SHA 256 hash of the claims object included in the token request */
|
|
29
|
+
requestedClaimsHash?: string;
|
|
30
|
+
};
|
|
31
31
|
//# sourceMappingURL=CredentialEntity.d.ts.map
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { CredentialEntity } from "./CredentialEntity";
|
|
2
|
-
/**
|
|
3
|
-
* Id Token Cache Type
|
|
4
|
-
*/
|
|
5
|
-
export type IdTokenEntity = CredentialEntity & {
|
|
6
|
-
/** Full tenant or organizational identifier that the account belongs to */
|
|
7
|
-
realm: string;
|
|
8
|
-
};
|
|
1
|
+
import { CredentialEntity } from "./CredentialEntity";
|
|
2
|
+
/**
|
|
3
|
+
* Id Token Cache Type
|
|
4
|
+
*/
|
|
5
|
+
export type IdTokenEntity = CredentialEntity & {
|
|
6
|
+
/** Full tenant or organizational identifier that the account belongs to */
|
|
7
|
+
realm: string;
|
|
8
|
+
};
|
|
9
9
|
//# sourceMappingURL=IdTokenEntity.d.ts.map
|